Configuring Security Zones
Security Zones let you create a strong Firewall policy that controls the traffic between parts of the network.
A Security Zone object represents a part of the network (for example, the internal network or the external network).
There are two types of Security Zones:
- Trusted Zone - The Trusted Zone contains network objects that are trusted. Configure the Trusted Zone to include only those network objects with which your programs must interact. You can add and remove network objects from a Trusted Zone. A device can only have one Trusted Zone. This means that if the Firewall policy has more than one rule, and more than one Trusted Zone applies to a device, only the last Trusted Zone is enforced.
  These two network elements are defined as Trusted Zones by default:
  - All_Internet - This object represents all legal IP addresses.
  - LocalMachine_Loopback - The Endpoint device's loopback address: 127.0.0.1. The Endpoint device must always have access to its own loopback address. Endpoint users must not run software that changes or hides the local loopback address, for example, personal proxies that enable anonymous internet surfing.
- Internet Zone - All objects that are not in the Trusted Zone are automatically in the Internet Zone.
Objects in the Trusted Zone:
These object types can be defined as Trusted Zones:
- Hosts
- Networks
- Network Groups
- Domains
- Address Ranges
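The following is an added example, not Check Point's code, that models the zone semantics described above: a Trusted Zone built from the object types listed (hosts, networks, network groups, domains, address ranges), the rule that a device has exactly one Trusted Zone with the last applied zone winning, the Internet Zone as the complement of the Trusted Zone, and a check that the loopback address stays reachable. The class and function names, the sample addresses and the domain suffix are constructed for illustration and are not product identifiers.

```python
"""
Added example (not Check Point's code): how Trusted Zone membership decides
whether a destination is in the Trusted Zone or the Internet Zone.
All addresses, names and the domain suffix below are constructed sample data.
"""
import ipaddress
from dataclasses import dataclass, field
from typing import List, Tuple, Union

IPNet = Union[ipaddress.IPv4Network, ipaddress.IPv6Network]
IPAddr = Union[ipaddress.IPv4Address, ipaddress.IPv6Address]


@dataclass
class TrustedZone:
    """A Trusted Zone is a named set of network objects: hosts, networks,
    network groups (expanded to their member networks), domains and
    address ranges. Anything not matched here is in the Internet Zone."""
    name: str
    networks: List[IPNet] = field(default_factory=list)
    ranges: List[Tuple[IPAddr, IPAddr]] = field(default_factory=list)
    domains: List[str] = field(default_factory=list)

    def add_host(self, ip: str) -> None:
        # A single host becomes a /32 (IPv4) or /128 (IPv6) network.
        self.networks.append(ipaddress.ip_network(ip))

    def add_network(self, cidr: str) -> None:
        self.networks.append(ipaddress.ip_network(cidr, strict=False))

    def add_group(self, cidrs: List[str]) -> None:
        # A Network Group is just a collection of networks.
        for cidr in cidrs:
            self.add_network(cidr)

    def add_range(self, first: str, last: str) -> None:
        self.ranges.append((ipaddress.ip_address(first), ipaddress.ip_address(last)))

    def add_domain(self, suffix: str) -> None:
        self.domains.append(suffix.lower().strip(".").lstrip("."))

    def contains_ip(self, ip: str) -> bool:
        addr = ipaddress.ip_address(ip)
        if any(addr in net for net in self.networks):
            return True
        # Only compare ranges of the same IP version; mixing versions raises TypeError.
        return any(lo <= addr <= hi for lo, hi in self.ranges if lo.version == addr.version)

    def contains_host(self, fqdn: str) -> bool:
        # A domain object matches the domain itself and any host beneath it.
        host = fqdn.lower().rstrip(".")
        return any(host == d or host.endswith("." + d) for d in self.domains)


def effective_trusted_zone(applied: List[TrustedZone]) -> TrustedZone:
    """A device has exactly one Trusted Zone. When more than one rule applies a
    Trusted Zone to the same device, only the last one is enforced."""
    if not applied:
        raise ValueError("no Trusted Zone applied to this device")
    return applied[-1]


def classify_ip(zone: TrustedZone, ip: str) -> str:
    """Objects not in the Trusted Zone are automatically in the Internet Zone."""
    return "Trusted" if zone.contains_ip(ip) else "Internet"


def loopback_is_trusted(zone: TrustedZone) -> bool:
    """The endpoint must always be able to reach its own loopback address
    (the LocalMachine_Loopback object, 127.0.0.1)."""
    return zone.contains_ip("127.0.0.1")


def build_sample_device() -> TrustedZone:
    """Constructed sample: two Trusted Zones applied to one device.
    The second one is the one that is enforced."""
    lan_only = TrustedZone("LAN_only")
    lan_only.add_network("10.0.0.0/8")

    corp = TrustedZone("Corp_with_loopback")
    corp.add_host("127.0.0.1")                               # loopback, always required
    corp.add_network("10.0.0.0/8")                           # internal network
    corp.add_group(["192.168.10.0/24", "192.168.20.0/24"])   # network group
    corp.add_range("172.16.5.10", "172.16.5.20")             # address range
    corp.add_domain("corp.example")                          # domain object
    return effective_trusted_zone([lan_only, corp])


if __name__ == "__main__":
    zone = build_sample_device()
    for dst in ("10.1.2.3", "172.16.5.15", "172.16.5.21", "8.8.8.8"):
        print(f"{dst:>14} -> {classify_ip(zone, dst)} Zone")
    print("loopback trusted:", loopback_is_trusted(zone))
```

The `loopback_is_trusted` check is the one worth keeping in any policy review script: a Trusted Zone that omits 127.0.0.1 puts the device's own loopback traffic in the Internet Zone, which is exactly the condition the page warns against.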
To configure a Trusted Zone:
1. In the Access policy view, go to the right pane, Firewall Rule Settings, and click Manage Trusted Zone.
2. Click the + icon to see the list of objects you can define as a Trusted Zone.
   Note - To add objects to the list, go to the Access view > Manage > Manage Firewall Objects, and click Create.
3. Select the required object.
4. Click OK.